Hello there,
I’m reading this forum since some days and I can’t find something that could suits our configuration. I have also to confess that I’m not very good in authentication / identification process …
We are using Shibboleth for authentication in our Indico instance.
When we loggin to indico, I can see that shibboleth is requesting our sso service then POST the SAMLResponse to our instance https://indico-instance/Shibboleth.sso/SAML2/POST.
The payload is containing all group for one user, encoded with b64.
My question is what should I do to automatically create group when a user is logging ?
# SSO
AUTH_PROVIDERS = {
'shib-sso': {
'type': 'shibboleth',
'title': 'SSO',
'attrs_prefix': '',
'callback_uri': '/login/shib-sso/shibboleth',
}
}
IDENTITY_PROVIDERS = {
'shib-sso': {
'type': 'shibboleth',
'title': 'SSO',
'identifier_field': 'USERID',
'mapping': {
'login': 'USERID',
'email': 'EMAIL',
},
'trusted_email': True
}
}
I tried to add
'default_group_provider': True,
But it seems not working.
Should I add saml as IDENTITY_PROVIDERS in parrallele of shib-sso ?